We have no evidence that this incident involved any access to customer data or encrypted password vaults. Our products and services are operating normally.

Authors: Raffaele Forte, BackBox Team

When testing APIs with short-lived authentication tokens, it can be frustrating to login every few minutes, taking up a consultant's time with an unnecessary cut+paste task — As well as introducing the possibility for human error in copying across the token…

1. Introduction to Advanced Analytic Environment

Open source cloud-native security lake platform (SIEM alternative) for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS - GitHub - matanolabs/matan...

Microsoft, in conjuncture with partners in the PC ecosystem, has developed a set of capabilities and new operating environment conditions for UEFI based systems.  This environment will leverage common, architecturally defined mitigations to improve the device…

The Elastic Container Project provides a single shell noscript that will allow you to stand up and manage an entire Elastic Stack using Docker. This open source project enables rapid deployment for testing use cases.

Periodic cyber security newsletters that capture the latest news, summaries of conference talks, research, best practices, tools, events, vulnerabilities, and analysis of trending threats and attac...

Recently, I participated in the GitHub Bug Bounty program (run through HackerOne). This is a writeup of a command injection bug I discovered in GitHub Pages build process.

Remote code execution vulnerability found by JFrog Security Research, exploiting an Info Leak and Heap Overflow on UA’s C++ OPC demo server.

Nmap's XML result parse and NVD's CPE correlation to search CVE. - GitHub - CoolerVoid/Vision2: Nmap's XML result parse and NVD's CPE correlation to search CVE.

Early this year we had the opportunity to pentest Watchguard firewalls (XTM, Firebox) for a red team engagement. This blogpost will follow the journey in which I discover 5 vulnerabilities - 2 patched along the way - and build 8 distinct exploits, and finally…

This first blog post introduces the RASP checks used in SingPass

Abuse the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary javanoscript code. - GitHub - evilsocket/jscythe: Abuse the node.js inspector mechan...

Please read This is a work in progress article that will receive updates as we continue publishing detailed walkthroughs for each level.
Ethernaut is OpenZeppelin Web3/Solidity based wargame to learn about Ethereum smart contract security and become familiar…

BGP hijacking

Introduction It’s that time of year again - the Binary Golf Grand Prix is back for a third year running! You can also check out my entries to the first and second times this amazing competition ran.
The theme this year was to produce a binary that crashes…

At BSides Atlanta I gave a talk on how to handle an incident in AWS. The talk and this post is intended to help those already familiar with the principles of Incident Response to understand what to do when the incident involves the AWS Control Plane.